Hi,

Few questions to get me out of the confusion I'm in. I managed to make an external app to make successful API calls, this after obtaining an access token/token secret. But I'm confused as the REST API testing tool (http://developer.myspace.com/modules/apis/pages/devtool.aspx) does the same thing without access token as with a weird looking consumer key:

1- using the REST API testing tool through my account, requests have an oauth_consumer_key parameter in the form "C50CF2B2-B4..." whereas consumer key for my app is in the form "http://www.myspace.com/number". Why are the consumer keys different ?

2- testing tool does not use OAuth access token (no "oauth_token" in the requests). When I copy/paste these requests in browser they just work, and this without having an oauth_token, how come ?

3-  When I make calls from my external app in the same way the testing tool does (that is, without access token and with the "C50CF2B2-B4..." form of the consumer key), I get n HTTP 401 response. I guess this is expected,but I don't get why it works for the testing tool and not my app (the latter is calculating fine signature and all, as mentioned above code works ok when using an access token).

Thanks,

Ol.

Not sure what tool you are using to test, or what your test harness looks like, but if you are using the .Net Rest API from codeplex there is an error in the uri.  The REST uri has changed recently to 'api.myspace.com'.

I was able to succesfully make calls to the REST api in a stand-alone winforms application.  The MySpace application was not marked as external though (I plan on incorporating the REST api calls in my server and exposing them to the client via AJAX calls).

Hi,

 I noticed there is a REST forum section too, maybe my post should be moved in there...

 To use the REST API from an external app you have to declare your app as external (on the app settings on MySpace) and then use an OAuth lib (I'm using the Java OAuth lib, but there are some for other languages) to make calls.

My main concern is that the MySpace testing tool at http://developer.myspace.com/Modules/APIs/Pages/DevTool.aspx has no token in its request, and that the consumer key in  requests are not in the same form as any user consumer key (which is a URL).

 I don't think you need to mark your app as external to use REST.  I was able to succesfully make calls via a winforms application (desktop app) to MySpace using the .Net REST api.  My app was not marked as external,.  I think (I've been known to be wrong, though) an external application gives you access to REST and DA but doesn't require the user to launch or install the application from MySpace.  You still use REST since it's server-server calls.

I also think you are mixing apples and oranges.  The link you posted is the API test tool which lets you test out client side api calls and REST is for server-server communication.  If you want to test REST go here: http://developer.myspace.com/modules/apis/pages/oauthtool.aspx.

My understanding is the following, please let me know if I'm wrong:

- everything provided for developers on MySpace use the REST API in the end, whether this is the OpenSocial Javascript lib, DA, whatever. So whatever entry point we choose, the maximum feature set we can get is described in the REST API reference, which is here: http://developer.myspace.com/community/RestfulAPIs/resources.aspx and also some OpenSocial support described here: http://developer.myspace.com/community/myspace/da.aspx

 - DA makes it possible to use the REST API from outside of a client app, and basically enables OAuth authentication (requesting request token, authorizing app, requesting access token) and OpenSocial access.

 - the API tool at http://developer.myspace.com/modules/apis/pages/devtool.aspx makes REST API calls,  OAuth formatted, but without using a token. Apparently it gets its authentication through the consumer key, which is formatted is a strange way, at least not the way we are supposed to use it from an external app. I guess this is because MySpace generates this key internally and this is sufficient to identify the user/app key and make sure the user is logged in at the time of request.This tool only work for the user currently logged in.

- the OAuth tool at http://developer.myspace.com/modules/apis/pages/oauthtool.aspx has basically the same purpose as the API tool, except that it works with a token, so we have to have a valid access token to use it, that we have for example obtained through the External App Auth page at http://developer.myspace.com/modules/apis/pages/accessdelegationtool.aspx. The OAuth tools then makes it to possible to make requests for different users than the one currently logged in.

 - About marking an app as external: I think this is necessary for using the External App Auth at http://developer.myspace.com/modules/apis/pages/accessdelegationtool.aspx, because this is where callback URLs are defined. Now if you get your access token from other ways, maybe it is not necessary to have the app declared as external.

Sounds right to me.  The main point I think you touched on is that DA requires oauth whereas REST only requires consumer key and consumer secret and DA will not work unless the app is marked external (I just tested that so I'm fairly confident that's the case).

In my understanding, if we want to use the REST API from an external app, then we have to use it with a valid oauth token. At least I have tried to use this API from my external app without token and I always got HTTP 401 responses. However when I used it with an access token it worked fine.

 Acutally managed to make it work without an oauth token now, but I'm now sure why. My app stated turned into "development" after I made a request for publishing, maybe this is what made the REST request work without token?